Lucene search
+L

57 matches found

Positive Technologies
Positive Technologies
added 2022/08/03 12:0 a.m.8 views

PT-2022-18522 · Synology · Synology Calendar

Name of the Vulnerable Software and Affected Versions: Synology Calendar versions prior to 2.3.4-0631 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the webapi component. This allows remote...

5CVSS6.9AI score0.0078EPSS
Exploits0References5
OSV
OSV
added 2021/01/29 7:15 p.m.4 views

CVE-2020-24666

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in = 9.1.0.1...

5.4CVSS6AI score0.0062EPSS
Exploits0References2
Prion
Prion
added 2021/01/29 7:15 p.m.15 views

Sql injection

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service DoS condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in ...

4CVSS6.5AI score0.01089EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/01/29 7:15 p.m.25 views

Cross site scripting

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in = 9.1.0.1...

3.5CVSS5.6AI score0.0062EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/01/29 6:41 p.m.25 views

CVE-2020-24665

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service DoS condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in ...

6.5AI score0.01089EPSS
Exploits0References2
NVD
NVD
added 2020/12/09 9:15 p.m.25 views

CVE-2020-25499

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router...

9CVSS8.9AI score0.04232EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.7 views

Systran Pure Neural Server Cross-Site Scripting Vulnerability

Systran Pure Neural Server is a Web platform product for document translation from Systran, Germany. A cross-site scripting vulnerability previously existed in Systran Pure Neural Server 9.7.0, which stemmed from a cross-site scripting XSS issue in WebUI Translation that allowed a threat actor to...

5.4CVSS5.9AI score0.00651EPSS
Exploits1References3
NVD
NVD
added 2020/07/17 9:15 p.m.22 views

CVE-2020-5756

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...

9CVSS0.02473EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/07/17 8:16 p.m.32 views

CVE-2020-5756

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...

8.9AI score0.02473EPSS
Exploits1References1
OSV
OSV
added 2020/02/14 4:15 p.m.4 views

CVE-2018-21032

A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager...

4.3CVSS5.8AI score0.00872EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/02/14 3:51 p.m.30 views

CVE-2018-21033

A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets CSS token sequence. Hitachi Command Suite includes...

5CVSS6.5AI score0.0084EPSS
Exploits0References2
OSV
OSV
added 2017/08/18 4:29 p.m.7 views

CVE-2017-9767

Multiple cross-site scripting XSS vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the 1 Name or 2 Description parameter to RM/Reservation/ReserveNew; the 3 Description parameter to RM/Topology/Update; the 4 Name, 5...

5.4CVSS5.8AI score0.0298EPSS
Exploits5References3
Prion
Prion
added 2017/05/29 6:29 p.m.17 views

Xxe

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files...

4CVSS7AI score0.01054EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/03/14 10:59 p.m.3 views

CVE-2016-8025

SQL injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...

6.2CVSS5.8AI score0.06549EPSS
Exploits4References4
OSV
OSV
added 2017/02/21 7:59 a.m.9 views

CVE-2016-9269

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance IWSVA version 6.5-SP2BuildLinux1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update...

9.9CVSS6AI score0.13419EPSS
Exploits3References3
OSV
OSV
added 2017/01/05 10:59 p.m.5 views

CVE-2017-5179

Cross-site scripting XSS vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

5.4CVSS5.9AI score0.01252EPSS
Exploits0References3
OSV
OSV
added 2016/11/30 6:59 p.m.4 views

CVE-2016-2874

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors...

3.1CVSS5.8AI score0.00615EPSS
Exploits0References2
OSV
OSV
added 2016/09/26 4:59 a.m.2 views

CVE-2016-3000

The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service service degradation via a crafted URL...

4.3CVSS5.8AI score0.01266EPSS
Exploits0References3
OSV
OSV
added 2016/07/13 3:59 p.m.4 views

UBUNTU-CVE-2016-4974

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

7.5CVSS6.2AI score0.06192EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.8 views

The vulnerability of Samba software allows a malicious individual to compromise the accessibility of protected information.

The vulnerability in the pushascii function of Samba’s smbd allows remote users who have completed authentication to trigger a service failure—a memory-related error and an unexpected termination of the daemon—by attempting to read the path name in Unicode format without using Unicode. This leads...

2.7CVSS6.5AI score0.07269EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder